Researchers at Aqua Nautilus have uncovered a threat to SSH in cloud environments. Attackers are using SSH tunneling to exploit SSH servers and gain access to organizations’ networks.

Security researchers have discovered tens of thousands of exploited devices with a backdoor installed due to a critical zero-day vulnerability in Cisco IOS XE software’s web user interface.

CISA plans to issue a request for information to address Secure by Design engineering and is urging software manufacturers to demonstrate evidence of security incorporation through artifacts.

Vietnamese cybercrime groups are targeting the digital marketing sectors in the United Kingdom, United States, and India with various malware strains, including the DarkGate information stealer.

The Viking Line cyberattack, believed to be a DDoS attack, caused major disruptions to shipping company websites and emphasizes the urgent need for robust cybersecurity measures in the industry.

Using outdated software is the main reason for website compromise. In one case, an e-commerce store running on an old version of OpenCart led to credit card theft and fraud.

Cybersecurity firm Spec has successfully closed a $15M Series A funding round led by SignalFire, with participation from Legion Capital and Rally Ventures, enabling the company to advance its platform and expand its threat labs.

The BlackCat ransomware group has introduced a new evasion tool called Munchkin, distributed as an ISO file, allowing them to run ransomware on remote machines. The controller malware is written in Rust and resembles the BlackCat malware family.  Organizations are recommended to leverage the updated IOCs associated with the malware to stay safe.

The IT manager and his wife stole the personally identifiable information of over 9,000 individuals and sold it for $160,000 in Bitcoin, which was later used for criminal activities.